With network technology is applied much more widely in people's daily life, people rely more on network to take part in more daily activities such as shopping, office work and entertainment via network. Due to the wide use of network applications, all kinds of websites which provide convenient services appear with increasing numbers and the security level required by the network is higher as well, especially the websites concerned e-bank and government office work which require the user who logs on to be legitimate. In recent years, dynamic password method is used widely to carry on verification in verification field. Dynamic password is added on the basis of the static password authentication in this verification method, which provides additional protection for a user password and enhances the security.
In the prior art, the authentication for the dynamic password is performed in the following way. The service provider distributes a dynamic password token to a user. With the same size as a USB drive, the token is an electronic device with processor and can run itself independently when the token is loaded with cells or is powered. Generally, a seed, which is called as static factor, corresponding to the dynamic password token, is stored inside the dynamic password token safely. The seed is a long character string or data. The dynamic password token can generate a dynamic password according to the dynamic password algorithm built in the token by using the seed and a dynamic factor. Because the dynamic factor can be a time factor or an event factor, the passwords generated are different from time to time, which provides higher security.
In the process of authenticating the above dynamic password, the inventor found that following problem lies in the prior art: the dynamic password with higher security is difficult to be cracked, but the method of verifying the dynamic password can not prevent an attack from a phishing website and the dynamic password has the possibility of being stolen. If a user opens and logs on a phishing website which masquerades as a real website, the phishing website will record the logon information input by the user. And the phishing website will pose as the user to log on the real website by using the recorded information, which will bring a big loss to the user information and property.